I recently had a problem with an Exchange Online tenant. There was an external mail contact which was previously synchronised from Active Directory to Exchange Online. I had deleted the on-premises Active Directory mail contact, but it still existed in Exchange Online. When I tried to delete the contact, it gave the following error message.
The action ‘Remove-MailContact’, ‘Identity’, can’t be performed on the object ‘Desmond Miles’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.
To troubleshoot this issue you can do a couple of things to ensure the external contact does not exist in your on-premises Active Directory.
Connect to your Exchange Online Tenant:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
- Perform a custom search in ADUC. Search syntax: proxyaddresses=SMTP:[email protected]
- Search the WAAD metaverse
- Run this command in the on-premises Exchange Management Shell:
remove-mailcontact [email protected]
get-mailcontact [email protected] | fl
Take note of the attribute value: ExternalDirectoryObjectId
In this example the ExternalDirectoryObjectId is 2cb3d9c7-cb29-439f-8174-6c80dd9fe6e8
Then connect to Windows Azure AD via PowerShell and run this command:
get-msolcontact -objectid 2cb3d9c7-cb29-439f-8174-6c80dd9fe6e8 | remove-msolcontact
Problem solved. Now run a delta sync on your WAAD server and everything will work fine.
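The checks and the cloud-side removal described above can be combined into one guarded function, shown here as an added example that is not part of the original post. It refuses to delete anything while the address still exists on-premises and asks for confirmation before the removal. The function name, its Address parameter and the sample address are hypothetical; it assumes an imported Exchange Online session, a prior Connect-MsolService, and the ActiveDirectory module on the same machine.

```powershell
# Added example, not from the original post. Assumes an imported Exchange Online
# session, a prior Connect-MsolService, and the ActiveDirectory module (assumptions).
function Remove-OrphanedSyncedContact {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Reject LDAP filter metacharacters so the address cannot alter the AD search.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[^\s@*()\\]+@[^\s@*()\\]+$')]
        [string]$Address
    )

    # 1. Same test as the ADUC custom search: stop if on-premises AD still has the address.
    $onPrem = @(Get-ADObject -LDAPFilter "(proxyAddresses=SMTP:$Address)")
    if ($onPrem.Count -gt 0) {
        throw "Still in on-premises AD: $($onPrem[0].DistinguishedName). Delete it there first."
    }

    # 2. Read the cloud object and its ExternalDirectoryObjectId from Exchange Online.
    $contact = Get-MailContact -Identity $Address -ErrorAction Stop
    if (-not $contact.IsDirSynced) {
        throw "'$($contact.DisplayName)' is not directory-synced; Remove-MailContact will work."
    }
    $objectId = $contact.ExternalDirectoryObjectId
    if (-not $objectId) {
        throw "No ExternalDirectoryObjectId on '$($contact.DisplayName)'."
    }

    # 3. Resolve that id in Azure AD; this fails loudly if the object is already gone.
    $msol = Get-MsolContact -ObjectId $objectId -ErrorAction Stop

    # 4. Delete only after confirmation; -WhatIf reports the target and removes nothing.
    if ($PSCmdlet.ShouldProcess("$($msol.DisplayName) [$objectId]", 'Remove-MsolContact')) {
        Remove-MsolContact -ObjectId $objectId -Force
    }
}

# Constructed sample address; run with -WhatIf first to see what would be removed.
Remove-OrphanedSyncedContact -Address 'contact@example.com' -WhatIf
```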